Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
On Tue, 2023-10-03 at 21:05 +0100, Richard Purdie via lists.openembedded.org wrote:
> On Mon, 2023-10-02 at 20:09 -0700, Hemraj, Deepthi via lists.openembedded.org wrote:
> > From: Deepthi Hemraj
> >
> > Below commits on glibc-2.38 stable branch are updated.
> > 0e1ef6779a (HEAD -> release/2.38/master, origin/release/2.38/master) manual/jobs.texi: Add missing @item EPERM for getpgid
> > d94461bb86 string: Fix tester build with fortify enable with gcc < 12
> > 63250e9c57 iconv: restore verbosity with unrecognized encoding names (bug 30694)
> > 00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
> > b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in no- mode
> > 89da8bc588 NEWS: Add the 2.38.1 bug list
> > d3ba6c1333 elf: Move l_init_called_next to old place of l_text_end in link map
> > 750f19526a elf: Remove unused l_text_end field from struct link_map
> > a3189f66a5 elf: Always call destructors in reverse constructor order (bug 30785)
> > 7ae211a01b elf: Do not run constructors for proxy objects
> > 92201f16cb libio: Fix oversized __io_vtables
> > 5bdef6f27c io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64
> >
> > 0024-CVE-2023-4527.patch is dropped
> >
> > Signed-off-by: Deepthi Hemraj
> > ---
> >  meta/recipes-core/glibc/glibc-version.inc | 2 +-
> >  .../glibc/glibc/0024-CVE-2023-4527.patch | 219 --
> >  meta/recipes-core/glibc/glibc_2.38.bb | 1 -
> >  3 files changed, 1 insertion(+), 221 deletions(-)
> >  delete mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch
>
> I suspect that as well as deleting the patch, you need to add something
> like:
>
> CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates"
>
> otherwise we'll see CVEs reported against this again?
>
> There may be other CVEs which need adding too?

Since there appears to be a serious glibc issue we need to patch, I've gone ahead and added an update on top of this patch to pull in the new urgent pieces and set the CVE_STATUS accordingly.

Please follow up with an additional patch for any other CVE_STATUS pieces I didn't cover.

Cheers,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#188664): https://lists.openembedded.org/g/openembedded-core/message/188664
Mute This Topic: https://lists.openembedded.org/mt/101727838/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
On Mon, 2023-10-02 at 20:09 -0700, Hemraj, Deepthi via lists.openembedded.org wrote:
> From: Deepthi Hemraj
>
> Below commits on glibc-2.38 stable branch are updated.
> 0e1ef6779a (HEAD -> release/2.38/master, origin/release/2.38/master) manual/jobs.texi: Add missing @item EPERM for getpgid
> d94461bb86 string: Fix tester build with fortify enable with gcc < 12
> 63250e9c57 iconv: restore verbosity with unrecognized encoding names (bug 30694)
> 00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
> b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in no- mode
> 89da8bc588 NEWS: Add the 2.38.1 bug list
> d3ba6c1333 elf: Move l_init_called_next to old place of l_text_end in link map
> 750f19526a elf: Remove unused l_text_end field from struct link_map
> a3189f66a5 elf: Always call destructors in reverse constructor order (bug 30785)
> 7ae211a01b elf: Do not run constructors for proxy objects
> 92201f16cb libio: Fix oversized __io_vtables
> 5bdef6f27c io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64
>
> 0024-CVE-2023-4527.patch is dropped
>
> Signed-off-by: Deepthi Hemraj
> ---
>  meta/recipes-core/glibc/glibc-version.inc | 2 +-
>  .../glibc/glibc/0024-CVE-2023-4527.patch | 219 --
>  meta/recipes-core/glibc/glibc_2.38.bb | 1 -
>  3 files changed, 1 insertion(+), 221 deletions(-)
>  delete mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch

I suspect that as well as deleting the patch, you need to add something like:

CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates"

otherwise we'll see CVEs reported against this again?

There may be other CVEs which need adding too?

Cheers,

Richard
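The check asked for in the message above, as an added example that is not part of the original thread or of OE-core: it collects the CVE IDs named in the stable-branch commit subjects and reports those with no active `CVE_STATUS` entry. The function names and the recipe fragment are hypothetical, and matching recipe text with a regular expression is a simplification of what BitBake actually parses.

```python
import re

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
# Active (uncommented) assignments only: CVE_STATUS[CVE-...] = "status: detail"
CVE_STATUS = re.compile(
    r'^[ \t]*CVE_STATUS\[(CVE-\d{4}-\d{4,})\][ \t]*\??=[ \t]*"([^"]*)"', re.M)

# Commit subjects copied from the patch description in this thread.
COMMIT_LOG = """\
00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in no- mode
92201f16cb libio: Fix oversized __io_vtables
"""

# Constructed recipe fragment (hypothetical): one entry set as suggested in
# the thread, one entry commented out and therefore not in effect.
RECIPE_TEXT = '''\
CVE_STATUS[CVE-2023-4527] = "fixed-version: Fixed in stable branch updates"
# CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates"
'''

def cves_in_commits(log):
    """Map each CVE ID found in a commit subject to the revisions naming it."""
    found = {}
    for line in log.splitlines():
        rev, _, subject = line.strip().partition(" ")
        for cve in CVE_ID.findall(subject):
            found.setdefault(cve, []).append(rev)
    return found

def declared_statuses(recipe_text):
    """Return {CVE ID: status string} for every active CVE_STATUS line."""
    return {m.group(1): m.group(2) for m in CVE_STATUS.finditer(recipe_text)}

def missing_cve_status(log, recipe_text):
    """CVEs fixed by the listed commits that the recipe does not mark."""
    declared = declared_statuses(recipe_text)
    return {cve: revs for cve, revs in cves_in_commits(log).items()
            if cve not in declared}

if __name__ == "__main__":
    for cve, revs in sorted(missing_cve_status(COMMIT_LOG, RECIPE_TEXT).items()):
        print(f"{cve}: fixed by {', '.join(revs)} but has no CVE_STATUS entry")
```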
Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
On 2023-10-03 1:34 a.m., Deepthi.Hemraj via lists.openembedded.org wrote:
> Regression testing is done and below are the test results.
>
> Before glibc update
> Summary of test results:
> 213 FAIL
> 4805 PASS
> 16 XFAIL
> 4 XPASS
> 218 UNSUPPORTED
>
> After glibc update
> Summary of test results:
> 216 FAIL
> 4805 PASS
> 16 XFAIL
> 4 XPASS
> 218 UNSUPPORTED
>
> These are the newly added test cases

Thanks for the update, summary and initial analysis.

> PASS: io/tst-fcntl-lock-lfs
> FAIL: nss/tst-nss-gai-hv2-canonname

It's a little odd that a new test case is failing. Is this reproducible? Is there a bug reported upstream or discussed on an email list?

> PASS: resolv/tst-resolv-no-vc
>
> And below are new failures
> FAIL: nptl/tst-thread-affinity-sched
> FAIL: malloc/tst-malloc_info-malloc-check

Are these reproducible? Is there a bug reported upstream?

Please do some additional analysis of the failures including whether they only happen in a bitbake build and report back here so we can decide how to proceed.

Thanks again Deepthi,

../Randy

--
# Randy MacLeod
# Wind River Linux
Re: [OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
Regression testing is done and below are the test results.

Before glibc update
Summary of test results:
213 FAIL
4805 PASS
16 XFAIL
4 XPASS
218 UNSUPPORTED

After glibc update
Summary of test results:
216 FAIL
4805 PASS
16 XFAIL
4 XPASS
218 UNSUPPORTED

These are the newly added test cases
PASS: io/tst-fcntl-lock-lfs
FAIL: nss/tst-nss-gai-hv2-canonname
PASS: resolv/tst-resolv-no-vc

And below are new failures
FAIL: nptl/tst-thread-affinity-sched
FAIL: malloc/tst-malloc_info-malloc-check
[OE-core] [PATCH V3] glibc: stable 2.38 branch updates.
From: Deepthi Hemraj Below commits on glibc-2.38 stable branch are updated. 0e1ef6779a (HEAD -> release/2.38/master, origin/release/2.38/master) manual/jobs.texi: Add missing @item EPERM for getpgid d94461bb86 string: Fix tester build with fortify enable with gcc < 12 63250e9c57 iconv: restore verbosity with unrecognized encoding names (bug 30694) 00ae4f10b5 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) b25508dd77 CVE-2023-4527: Stack read overflow with large TCP responses in no- mode 89da8bc588 NEWS: Add the 2.38.1 bug list d3ba6c1333 elf: Move l_init_called_next to old place of l_text_end in link map 750f19526a elf: Remove unused l_text_end field from struct link_map a3189f66a5 elf: Always call destructors in reverse constructor order (bug 30785) 7ae211a01b elf: Do not run constructors for proxy objects 92201f16cb libio: Fix oversized __io_vtables 5bdef6f27c io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 0024-CVE-2023-4527.patch is dropped Signed-off-by: Deepthi Hemraj --- meta/recipes-core/glibc/glibc-version.inc | 2 +- .../glibc/glibc/0024-CVE-2023-4527.patch | 219 -- meta/recipes-core/glibc/glibc_2.38.bb | 1 - 3 files changed, 1 insertion(+), 221 deletions(-) delete mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index a907444f50..f5ebbb2ee6 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.38/master" PV = "2.38+git" -SRCREV_glibc ?= "1aed90c9c8f8be9f68b58e96b6e4cd0fc08eb2b1" +SRCREV_glibc ?= "0e1ef6779a90bc0f8a05bc367796df2793deecaa" SRCREV_localedef ?= "e0eca29583b9e0f62645c4316ced93cf4e4e26e1" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" 
diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch b/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch deleted file mode 100644 index 7d9adf6a66..00 --- a/meta/recipes-core/glibc/glibc/0024-CVE-2023-4527.patch +++ /dev/null 
@@ -1,219 +0,0 @@ -From 4ea972b7edd7e36610e8cde18bf7a8149d7bac4f Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Wed, 13 Sep 2023 14:10:56 +0200 -Subject: [PATCH] CVE-2023-4527: Stack read overflow with large TCP responses - in no- mode - -Without passing alt_dns_packet_buffer, __res_context_search can only -store 2048 bytes (what fits into dns_packet_buffer). However, -the function returns the total packet size, and the subsequent -DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end -of the stack-allocated buffer. - -Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no- -stub resolver option") and bug 30842. - -(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d) - -Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f] -CVE: CVE-2023-4527 - -Signed-off-by: Yash Shinde - - NEWS | 7 ++ - resolv/Makefile | 2 + - resolv/nss_dns/dns-host.c | 2 +- - resolv/tst-resolv-no-vc.c | 129 ++ - 4 files changed, 139 insertions(+), 1 deletion(-) - create mode 100644 resolv/tst-resolv-no-vc.c - -diff --git a/NEWS b/NEWS a/NEWS -+++ b/NEWS -@@ -126,6 +126,7 @@ - [30477] libc: [RISCV]: time64 does not work on riscv32 - [30515] dynamic-link: _dl_find_object incorrectly returns 1 during - early startup -+ [30842] Stack read overflow in getaddrinfo in no- mode (CVE-2023-4527) - [30527] network: resolv_conf lock not unlocked on allocation failure - [30550] math: powerpc64le: GCC-specific code for isinf() is being used - on clang -@@ -157,6 +158,12 @@ - heap and prints it to the target log file, potentially revealing a - portion of the contents of the heap. - -+ CVE-2023-4527: If the system is configured in no- mode via -+ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address -+ family, and a DNS response is received over TCP that is larger than -+ 2048 bytes, getaddrinfo may potentially disclose stack contents via -+ the returned address data, or crash. 
-+ - The following bugs are resolved with this release: - - [12154] network: Cannot resolve hosts which have wildcard aliases -diff --git a/resolv/Makefile b/resolv/Makefile a/resolv/Makefile -+++ b/resolv/Makefile -@@ -102,6 +102,7 @@ - tst-resolv-invalid-cname \ - tst-resolv-network \ - tst-resolv-no \ -+ tst-resolv-no-vc \ - tst-resolv-nondecimal \ - tst-resolv-res_init-multi \ - tst-resolv-search \ -@@ -293,6 +294,7 @@ - $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ - $(shared-thread-library) - $(objpfx)tst-resolv-no: $(objpfx)libresolv.so $(shared-thread-library) -+$(objpfx)tst-resolv-no-vc: $(objpfx)libresolv.so
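Review bot: The SRCREV_glibc bump in glibc-version.inc is the only line this patch adds (the diffstat shows 1 insertion), so nothing in the recipe records CVE-2023-4806 as fixed, although the commit list names it under 00ae4f10b5. Unlike CVE-2023-4527 it never had a patch file carrying a CVE tag, so it needs its own entry in the same change, in the form proposed in the thread: CVE_STATUS[CVE-2023-4806] = "fixed-version: Fixed in stable branch updates".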
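Review bot: Deleting 0024-CVE-2023-4527.patch also deletes the "CVE: CVE-2023-4527" tag in its header, which was how this recipe marked the CVE as patched, and the patch puts nothing in its place. Add CVE_STATUS[CVE-2023-4527] alongside the removal. The commit message line "0024-CVE-2023-4527.patch is dropped" should also say why it is safe to drop: the same fix arrives as b25508dd77 in the listed stable-branch commits.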